Code Intelligence and Google Collaborate to Secure Open-Source JavaScript
February 08, 2023

Code Intelligence is adding support for JavaScript into OSS-Fuzz, Google’s platform for continuous fuzzing for open-source software.

JavaScript is one of the most widely used programming languages, especially in the context of web applications. However, security testing for the JavaScript landscape is insufficient, due to a lack of reliable security tools and good integration to common development environments. As part of Code Intelligence's initiative to develop advanced fuzzing and bug detection capabilities for memory-safe languages, it recently released Jazzer.js, a state-of-the-art fuzz testing engine that brings the advancements of white-box fuzzing into the JavaScript ecosystem.

The integration of Jazzer.js into OSS-Fuzz will be the second major language integration from Code Intelligence into Google’s open-source security testing service, for which Code Intelligence provides a complete and advanced fuzzing and bug detection solution. The company’s previous fuzz testing integration into OSS-Fuzz, for Java projects, has already contributed to finding over 500 critical bugs and security vulnerabilities, including remote code execution (such as Log4Shell), Cross-Site Scripting, and injections.

OSS-Fuzz integrates advanced, industry-standard fuzzing technologies for the languages it supports. As part of their collaboration, Code Intelligence has been a strong contributor to OSS-Fuzz for memory-safe languages, such as Java and Go:

“We’ve continuously made improvements to OSS-Fuzz’s infrastructure over the years and expanded our language offerings to cover C/C++, Go, Rust, Java, Python, and Swift, and have introduced support for new frameworks such as FuzzTest.” says Oliver Chang, Senior Staff Engineer at Google’s OSS Fuzzing Team. “Additionally, as part of an ongoing collaboration with Code Intelligence, we’ll soon have support for JavaScript fuzzing through Jazzer.js.”

Jazzer.js is free, open-source, and offers a Jest testing framework integration, so developers can write fuzz tests as easily as unit tests. Furthermore, Jazzer.js is released into the node package manager (npm) so that it is easily accessible by developers. As a result, developers can benefit from excellent integration into their integrated development environments (IDEs), such as IntelliJ and Visual Studio Code, out-of-the-box.

“Our mission is to give every developer the necessary tools to write more secure code.”, says Khaled Yakdan, Chief Scientist and Co-Founder of Code Intelligence. “I’m very glad about the collaboration with Google’s Open-Source Security Team. This will help in making the JavaScript ecosystem more reliable and secure.”

Jazzer.js enables coverage-guided fuzzing for JavaScript and the Node.js.

Share this

Industry News

May 01, 2025

Check Point® Software Technologies Ltd.(link is external) announced that its Quantum Firewall Software R82 — the latest version of Check Point’s core network security software delivering advanced threat prevention and scalable policy management — has received Common Criteria EAL4+ certification, further reinforcing its position as a trusted security foundation for critical infrastructure, government, and defense organizations worldwide.

May 01, 2025

Postman announced full support for the Model Context Protocol (MCP), helping users build better AI Agents, faster.

May 01, 2025

Opsera announced new Advanced Security Dashboard capabilities available as an extension of Opsera's Unified Insights for GitHub Copilot.

May 01, 2025

Lineaje launched new capabilities including Lineaje agentic AI-powered self-healing agents that autonomously secure open-source software, source code and containers, Gold Open Source Packages and Gold Open Source Images that enable organizations to source trusted, pre-fixed open-source software, and a software crawling and analysis engine, SCA360, that discovers and contextualizes risks at all software development stages.

April 30, 2025

Lenses.io announced the release of Lenses 6.0, enabling organizations to modernize applications and systems with real-time data as AI adoption accelerates.

April 30, 2025

Sonata Software has achieved Amazon Web Services (AWS) DevOps Competency status.

April 29, 2025

vFunction® announced significant platform advancements that reduce complexity across the architectural spectrum and target the growing disconnect between development speed and architectural integrity.

April 29, 2025

Sonatype® introduced major enhancements to Repository Firewall that expand proactive malware protection across the enterprise — from developer workstations to the network edge.

April 29, 2025

Aqua Security introduced Secure AI, full lifecycle security from code to cloud to prompt.

April 29, 2025

Salt Security announced the launch of the Salt Model Context Protocol (MCP) Server, giving enterprise teams a novel access point of interaction with their API infrastructure, leveraging natural language and artificial intelligence (AI).

April 28, 2025

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the graduation of in-toto, a software supply chain security framework developed at the NYU Tandon School of Engineering.

April 28, 2025

SnapLogic announced the launch of its next-generation API management (APIM) solution, helping organizations accelerate their journey to a composable and agentic enterprise.

April 28, 2025

Apiiro announced Software Graph Visualization, an interactive map that enables users to visualize their software architectures across all components, vulnerabilities, toxic combinations, blast radius, data exposure and material changes in real time.

April 24, 2025

Check Point® Software Technologies Ltd.(link is external) and Illumio, the breach containment company, announced a strategic partnership to help organizations strengthen security and advance their Zero Trust posture.